Server‐side request forgery (SSRF) - NANDITHA90/PortSwigger-LABS GitHub Wiki

LAB - 1

Basic SSRF against the local server

image

image

image

image

image

image

image

image

image

LAB - 2

Basic SSRF against another back-end system

image

image

image

image

image

image

image

image

LAB - 3

Blind SSRF with out-of-band detection

image

image

image

image

image

image

LAB - 4

SSRF with blacklist-based input filter

image

image

image

image

image

image

image

LAB - 5

SSRF with filter bypass via open redirection vulnerability

image

image

image

image

image

image

image

image

image

image

LAB - 6

SSRF with whitelist-based input filter

image

image

image

image

image

image

image

image

image

image

image

image